September 27, 2004

Just mentionin'

I just wanted to mention--I'm not ARGUING with anybody, just mentioning—that I was reading about viruses/worms/Trojan horses/crapware/adware/spyware—and, Mac user that I am, I realized I have only a vague understanding of what those things are. I mean, I know in theory what they are, but I've never encountered any of them in life...

Here's a very interesting essay by John Gruber on why that is. The author makes an analogy with the "broken-window" theory of crime control, where zero tolerance of all sorts of disorder is a powerful deterrent to crime...

...My answer to the question posed earlier — why are Windows users besieged with security exploits, while Mac users suffer none? — is that Windows is like a bad neighborhood, strewn with litter, mysterious odors, panhandlers, and untold dozens of petty annoyances. Many Windows users are simply resigned to the fact that their computers contain software that is not under their control. And if they’ll tolerate an annoying application that badgers them with pop-up ads, well, why not a spyware virus that logs every key you type, then sends them back to the creator? (That’s a real virus, by the way, Korgo, which hit Windows at the end of May and is spreading quickly.)...

...The Mac is like a good neighborhood, where the streets are clean and the crime rate low. You don’t need bars on your windows in a good neighborhood; you don’t need anti-virus software on the Mac...

...Arguing that it’s technically possible that the Mac could suffer just as many security exploits as Windows is like arguing that a good neighborhood could suddenly find itself strewn with garbage and plagued by vandalism and serious crime. Possible, yes, but not likely. The security disparity between the Mac and Windows isn’t so much about technical possibilities as it is about what people will tolerate.

And Mac users don’t tolerate shit.

Well, that's true. Particularly, as Gruber points out, we have zero tolerance for vulnerabilities. Someone points out a theoretical OS-X vulnerability, and it's NEWS! And the complaining starts. "This was pointed out two days ago! When is the Apple Security Update coming out? What's the matter with those guys!"

Posted by John Weidner at September 27, 2004 09:24 PM
Comments

John,

Before your hat-size increases too much, consider the posts by Steven Den Beste on the subject of Apple-versus-"Wintel". It may be that no one writes viruses/crapware/whatever for Apples because there's NO POINT in doing so-- why write such stuff for systems that are so very much a minority of operating systems that nothing written for them will propagate as fast (if at all) as the stuff written for Wintel systems will?

Or, to put it another way, it may be that Apple systems don't so much have clean streets as they are the equivalent of Podunk Square, Iowa, which has no crime to speak of because it's in the middle of nowhere.

Posted by: Hale Adams at September 28, 2004 02:57 PM

Actually, it is much harder to even write viruses for the Mac for a couple of reasons. One is the centralized design - Apple is very much a proprietary format, and has control over everything from the architecture to the OS. Windows might be seen as more of a collaborative effort - I know for a fact that a good computer designer, when putting together a Winbox, may not always use the top-of-the line components because they don't always work well together. Little variations in standards, non-standard components - these all contribute to the security holes.

Another is the lack of backward compatibility. Windows would certainly be more secure if they were able to design it from the ground up to do exactly the same things it does today (though Longhorn may be that redesign, it will still have a certain amount of backward compatibility.) It's a tradeoff - Windows is luring its users to new systems by saying they won't have to repurchase or replace all of their essential business software when they upgrade, but some vulnerabilities remain from system to system.

There's even the obvious things, such as the fact that Macs are shipped with security turned on, while Winboxen require the end user to set their security, with the obvious happening that only those in the know do.

Posted by: B. Durbin at September 28, 2004 03:48 PM

Nah, the most obvious thing is that Macs are something like 1% of the market. You might as well brag that the Commodore 64 market segment isn't plagued by viruses, either. For the same reason as the Mac.

Posted by: ray at September 28, 2004 05:11 PM

I've heard that "lack of market-share" argument often, but I think it's false. There are tens of millions of Macs in use, and they are no harder to program for than PCs. One would expect some viruses (virii?) if only because the first successful OS-X virus would attract a LOT of attention and outrage. Big psychic payoff for the inventor.

But suppose you are an unhappy adolescent with a Mac, and you are learning to write code—you will inevitably start mixing in with the forums and websites. And you will find yourself welcomed into a fairly friendly and supportive and "law-abiding" community. (And also scoffed and sneered at by those many PC users whose extreme defensiveness manifests itself in Mac-bashing.) Are you going to feel like writing a Mac virus? Not likely.


Posted by: John Weidner at September 28, 2004 07:00 PM

Heh. There were certainly Trojans aimed at MacOS versions before X.

I can just as well note that my desktop operating system, Linux, has no worms or Trojan horses.

Of course, people do find alternate ways to break into both systems. MacOS X systems have been remotely compromised as a result of security flaws, just like any other OS. (Well, OpenBSD is pretty good in that respect, but there's a reason it has slow development as well.)

Worms and Trojan horses and spyware are a result of a security model where people run as a superuser on their system all the time, and install programs that they aren't familiar with from suspicious sources. The fact that MS Outlook tends to automatically open attachments by default only adds to the problem.

Posted by: John Thacker at September 28, 2004 10:54 PM

That's interesting about Linux. Would you say it has something to do with the community of Linux users? Are there viruses?

I think there were something like 75 known OS-9 viruses.

OS-X is actually UNIX, and I think it benefits from a lot of hole-patching that's happened with UNIX. It seems to me very orderly, though I can't compare it with anything else except older Mac Systems. Things have to be put in certain places, programs are always contained in one folder, and passwords are required to install updates or new software.

Posted by: John Weidner at September 29, 2004 07:26 AM

John--

There are no Linux viruses, either. It has to do with the permission model; Linux, as a UNIX-based system, runs as a multiuser environment. Users do not typically run as the superuser (root), with permission to alter critical system files on their machine. They temporarily become the superuser in order to carry out specified tasks.

For this reason, it's essentially impossible for a normal user to run a virus. Destructive programs need to be run by someone with root privileges. What's much more likely is that someone detects a remote vulnerability and takes advantage of security weaknesses in already running programs, especially those that connect to the network. All sorts of servers are the worst offenders, because they're specifically designed to communicate with the outside world.

Market share helps, too, of course.

In Windows, at least on normal desktops, most people run their machine so that they have the privileges to change anything on the system. Partially this is because it's much more annoying to change one's identity; you have to logout first. But this means that it's far too easy to install a program that you shouldn't.

Another reason why Linux has very few viruses-- there's a strong tradition of publishing source code along with programs. People won't run programs that don't have publicly shared source code, and seeing the source makes it much easier to detect Trojans, viruses, spyware, and other unwanted things. At least one attempt has been tried to insert a Trojan into a well-known program (after a server hosting the source was cracked), but it was quickly spotted. Even if not everyone can read and understand the code, someone can.

Posted by: John Thacker at September 29, 2004 08:20 AM
Weblog by John Weidner